
Generating an SSH public key

Before you can SSH to sign in to your web server, or connect to your Git code repository, you must have an SSH private/public key pair.

Key requirements

With Acquia Cloud, your SSH public key must be at least 4096 bits in size.

All websites requiring Payment Card Industry Data Security Standard (PCI DSS) compliance must be in an Acquia PCI DSS-compliant product offering. To meet PCI DSS requirements, all users must use multi-factor authentication for remote access to their PCI DSS environment. When you connect to an Acquia Cloud environment using SSH, you use your SSH key as one authentication factor. To provide a second authentication factor, you must use a passphrase with your SSH key. You can add a passphrase when you create your SSH key pair. For more information about PCI compliance on Acquia Cloud, see Compliance with standards and regulations.

Methods for generating a key pair

To generate an SSH private/public key pair for your use, you can use one of the following methods: Acquia Dev Desktop or ssh-keygen.

Acquia Dev Desktop

Using Acquia Dev Desktop (free download) for your local application development provides you with an additional advantage—creation of an SSH private/public key pair for your application by clicking a button.

After you install Acquia Dev Desktop, see Generating an SSH key to learn how to create an SSH key and register it with Acquia Cloud.


ssh-keygen

You can also use the ssh-keygen command from the command line to generate an SSH private/public key pair.


If you are using Windows, you may not have access to the ssh-keygen command. To use this command, you can download and install Git for Windows, and then use the Bash shell to follow the remaining instructions in this section.

To generate an SSH private/public key pair using the ssh-keygen command, complete the following steps:

  1. Open a shell or command-line window on your machine.

  2. Ensure you do not already have a public key saved to your machine. To check whether you have a public key saved to your machine, run the following command:

    cd ~/.ssh
    ls -l

    If the directory and key file exist, run the following commands to back up the key id_rsa, as the procedure will overwrite any key named id_rsa in this directory.

    mkdir key_backup
    mv id_rsa* key_backup

  3. Generate a new public/private key pair using the keygen command:

    ssh-keygen -b 4096

    The keygen command prompts you for the directory to contain the key.

    Generating public/private rsa key pair.
    Enter file in which to save the key (/Users/[user_dir]/.ssh/id_rsa):

    Select the Enter key to accept the default location of /.ssh/id_rsa in your user directory.

    Enter passphrase (empty for no passphrase): [passphrase]
    Enter same passphrase again: [passphrase]

    Substitute [passphrase] with your own text to encrypt the private key on your machine. You can use an empty passphrase, but if you do, another user can impersonate you with a copy of the key file.


    Ensure you keep track of the passphrase because you must enter it when you use the key.

    The keygen command displays the following output:

    Generating public/private rsa key pair.
    Your identification has been saved in /Users/[user_dir]/.ssh/id_rsa.
    Your public key has been saved in /Users/[user_dir]/.ssh/
    The key fingerprint is:
    52:96:e9:c8:06:c2:57:26:6d:ef:2f:0c:d9:81:f4:1c [email protected]

  4. Copy the key to your clipboard. To simplify the process, macOS users can run the following command to copy the key from the file to your clipboard:

    pbcopy < ~/.ssh/

    Alternatively, using your favorite text editor, you can open the ~/.ssh/ file, and then copy the contents of the file manually.


    You must copy the key without adding newlines or whitespace.

After you generate the key, you can add the public key to your Acquia user profile in Acquia Cloud.
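
Before uploading, you can confirm that a key meets both requirements described under "Key requirements": at least 4096 bits, and a passphrase on the private key. The shell functions below are an added example, not part of the original Acquia documentation; the function names are hypothetical, and the example assumes OpenSSH's ssh-keygen is on your PATH.

```shell
#!/bin/sh
# Added example: verify a private key against the two requirements on this
# page. Function names are hypothetical; assumes OpenSSH ssh-keygen on PATH.

MIN_BITS=4096

# key_bits FILE: print the key length in bits (first field of `ssh-keygen -l`).
key_bits() {
    ssh-keygen -l -f "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# has_passphrase FILE: succeed when the private key is encrypted.
# `ssh-keygen -y` re-derives the public key, which needs the decrypted private
# key; with an empty passphrase (-P "") that only works on an unprotected key.
# Assumes the file has the 0600 mode ssh-keygen gives it, since a key with
# loose permissions is refused for a different reason.
has_passphrase() {
    ! ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}

# check_key FILE: return 0 if compliant, 1 if not, 2 if the key is unreadable.
check_key() {
    key=$1
    [ -f "$key" ] || { echo "ERROR: $key not found" >&2; return 2; }
    bits=$(key_bits "$key")
    case $bits in
        ''|*[!0-9]*) echo "ERROR: cannot read $key" >&2; return 2 ;;
    esac
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "FAIL: $key is $bits bits, need at least $MIN_BITS"
        return 1
    fi
    if ! has_passphrase "$key"; then
        echo "FAIL: $key has no passphrase"
        return 1
    fi
    echo "OK: $key is $bits bits and passphrase-protected"
}

# Usage: check_key ~/.ssh/id_rsa
```

The check never asks for or handles your passphrase; it only tests whether the key can be read without one.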